Bill Sommerfeld wrote:
>>> wes-4 the sha*sum commands (and any other commands delivered by this
>>> project which use cryptographic hashes) should use one of the
>>> existing hash function implementations in Solaris rather than
>>> delivering a new copy. (see libmd(3LIB)).
>> Disagree on economic grounds. The cryptographic functions in the
>> package are Project Private and, at present, deviation would introduce
>> a maintenance cost not borne by other distributions that choose to
>> include these utilities.
>
> I don't believe this analysis is as straightforward as you think.
>
> We do processor-specific performance tuning of many cryptographic
> algorithms; by delivering additional implementations, you either (a)
> dilute the value of this performance tuning effort, or (b) require the
> additional implementations to be tuned, which will more than eliminate
> any savings from delivering a redundant implementation.
>
> This may also complicate cryptographic certification.
We also strongly discourage duplication of cryptographic implementations
because it complicates export approval. That's not a huge concern for
digest functions, but in general it's another reason to prefer
centralized crypto implementations.
Scott
